macnews.net.tc
2006-02-20
Safari executes shell scripts automatically!
And that's a bad thing, of course. Read more about it here. And turn off Safari's default behaviour of automatically expanding and running "safe" files. They just might not be.
Michael Lehn, who found the vulnerability (link in German), says Apple's on it to fix the issue. But until then: Be safe. A script could simply erase *everything* your user has access to. And that would at least concern all of your files as well as backups connected to your account currently via USB or FW.
Comments:
ehi man, this bug was fixed in OS X 10.4.5.
 
sure? Where do you read that? Try this in 10.4.5 with Safari set to automatically process "safe" files: http://www.heise.de/english/newsticker/news/69862 ... It certainly opens a Terminal window, lists your directory and tells you you're vulnerable in German. (Does nothing else. heise is not a baddie.)
 
Post a Comment

<< Home
apple stories with common senseā„¢

if you want to send us a message, you can do so at rumours at fryke dot com.

rss-link

archives
2005-05
2005-06
2005-07
2005-08
2005-09
2005-10
2005-11
2005-12
2006-01
2006-02
2006-03
2006-04
2006-05
2006-06
2006-07
2006-08
2006-09
2006-10
2006-11
2006-12
2007-01
2007-02
2007-03
2007-04
2007-05
2007-06
2007-07
2007-09
2007-10
2008-12
2009-01
2009-02
2009-03
2009-04
2009-08
2010-01
2010-03
2010-10
2011-02
2011-11
2011-12

2005 (old server)
2004 (old server)





Powered by Blogger